Advanced Search

On Services Creating Confidence For Electronic Transactions

Original Language Title: o službách vytvářejících důvěru pro elektronické transakce

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
297/2016 Coll.


LAW
Dated 24 August 2016

About creating trust services for electronic transactions

Parliament has passed this Act of the Czech Republic:

§ 1
Subject Matter


This law regulates in relation to the directly applicable legislation of the European Union
^ 1)

A) certain procedures for providers of services to create confidence

B) some requirements for services that create trust

C) the competence of the Ministry of the Interior (the "Ministry") in
services that generate trust and

D) penalties for breach of duties in the service sector confidence building.

Procedures for qualified service providers confidence building

§ 2

Qualified service provider confidence building provides qualified service
creating confidence on the basis of a written contract.

§ 3

(1) Qualified provider of services to create confidence kept for a period of 10 years
documents related to the issuance

A) qualified certificates for electronic signatures and electronic
seals

B) qualified certificates to authenticate websites and

C) qualified electronic time stamps.

(2) After the period referred to in paragraph 1
qualified provider of services to create confidence kept for the next 15 years
data on which the applicant's identity has been verified on the issue
qualified certificate for electronic signatures, or
electronic seals or the identity of the natural person authorized to act on behalf of the legal
person requesting the issuance of a qualified certificate for electronic seal
.

(3) If the European Parliament and Council Regulation (EU) no. 910/2014 on
electronic identification and trust services for creating
electronic transactions in the internal market and repealing Directive 1999/93 / EC
(hereinafter the "Order") or this Act provides otherwise, the procedure
in the handling of documents contained under the law regulating
archives and records management.

§ 4

(1) Qualified provider of services to create confidence that after
termination of its activities can not fulfill the obligation to maintain and make
records pursuant to Article. 24 paragraph. 2 point. h) Regulation ensures
immediately after completing his takeover of the activities of this evidence by another qualified provider
confidence building.

(2) If a qualified service provider confidence building
ensure the takeover of the records referred to in paragraph 1, transmit register immediately
Ministry.
Signing the document


§ 5

The signing electronic signature can be used only
qualified electronic signature, signs an electronic document, which is legally
,

A) the State, local government unit, a legal entity established by law or
legal entity established or founded by the state, territorial self
total or legal entity established by law (hereinafter referred to as "public
signer"), or

B) a person not mentioned in point a) the exercise of its jurisdiction.

§ 6

(1) The signing of an electronic signature can be used only
recognized electronic signature, signs an electronic document, which is legally
podepisujícímu against a public or another person
in connection with the performance of its duties.

(2) an electronic signature means an advanced electronic
signature based on a qualified certificate for electronic signature
or qualified electronic signature.

§ 7

The signing electronic signature can be used
advanced electronic signature, recognized electronic signature or other type of electronic signature
, signs an electronic document, which is legally
way other than specified in § 5 or § 6. 1st

Seal document

§ 8

Unless other legislation as a requirement infringement
contained in document signature, this requirement does not follow from the nature
legal actions, public signing and other legal entity,
case in the exercise of its powers; seal documents in electronic form
qualified electronic seals.

§ 9

(1) The sealing of electronic seals can be used only recognized
electronic seal, seal if the electronic document laying

Legally act against a public podepisujícímu or other person
in connection with the performance of its duties.

(2) recognition of electronic seal means guaranteed
electronic seal based on a qualified certificate for electronic seal
or qualified electronic seal.

§ 10

The sealing electronic seals can be used
advanced electronic seal, recognized electronic seal, or other type of electronic
seals, seals if the electronic document, which is legally
way other than specified in § 8 or § 9. 1st

§ 11

The use of qualified electronic time stamp

(1) Public signer who signed electronic document
who is legally manner under § 5, and the person who signed
electronic document which legal acts in the exercise of its powers by way
§ 5, provides the signed electronic document
qualified electronic time stamp.

(2) Public signing, which sealed the electronic document
which legal acts, in the manner pursuant to § 8, and the person who sealed
electronic document which legal acts in the exercise of its powers by way
§ 8, provides the sealed electronic document
qualified electronic time stamp.

§ 12

Validation of advanced electronic signatures and electronic seals


Article. 32 paragraph. 1 point. a) to e), g) and h) Regulation on
validation of advanced electronic signature based on a qualified certificate
electronic signature and authentication
validity of the advanced electronic seals based on a qualified certificate for electronic
seals apply mutatis mutandis.

§ 13

Responsibilities of the Ministry

(1) The Ministry is responsible supervisory authority by regulation and by
this Act.

(2) The Ministry may give qualified service providers
confidence building instruction to invalidate it
issued a qualified certificate if there is reasonable suspicion that a qualified
certificate was faked, or if it was issued on the basis of false || | data. The Ministry may give instructions to invalidate a qualified certificate
also in the case of finding the signing or sealing person uses
tool for creating electronic signatures or electronic
seal, which shows security gaps allowing counterfeiting
electronic signatures and electronic seals or change
be signed or pečetěných data.

(3) The Ministry shall publish in a manner allowing remote access
trusted lists containing information on qualified service providers
confidence building along with information about their
provided qualified services confidence building.

(4) The Ministry maintains a list of certificates on the basis of qualified service providers
confidence building
sign a guaranteed electronic signature or an advanced electronic seal
seal issued qualified certificates issued or
qualified electronic time stamps. Certificates list published by the Ministry
manner enabling remote access.

(5) The Ministry shall fulfill his obligation under Article. 24 paragraph. 2 point. h) Regulation
in the case of acquisition accounting in accordance with § 4 para. 2nd

(6) The Ministry shall promptly notify the Office for the Protection of Personal Data
findings in relation to the tasks of the supervisory authority pursuant to paragraph 1
when they concern the scope of this authority.

Provision confidence building Administration of basic registers

§ 14

Administration basic registers can provide services that create trust, and
even as economic activity.

§ 15

(1) When a Managing Basic Service Registry generating confidence
whose object is a certificate that is not certified for
electronic signature certificates for electronic seal or
certificate for authenticating websites, keep records
certificates and persons or their parts to which the certificate was issued.

(2) The record contains

A) information about an individual which the certificate was issued, to the extent

First name, or names and surnames,


Second date, place and district of birth; For natural person, who was born in
abroad, the date, place and country where she was born,

Third date of death,

Fourth address of residence, where appropriate, the address to be delivered
documents

B) details of the legal entity or its components which the certificate was issued
, ranging

First business name or name,

Second address of the seat

Third personal identification number,

C) details of the certificate in the range

First ID

Second start and end date,

Third date and time of activation

Fourth date and time of revocation

D) other information on the extent

First carrier identifier on which the certificate is stored,

Second agenda identifiers for individuals agenda
issuing certificates.

(3) The information pursuant to paragraph 2. c) are publicly accessible manner
allowing remote access.

(4) The data referred to in paragraph 2 shall be registered for a period of validity and
next 15 years from the end of validity.

Misdemeanors and administrative offenses legal entities and individuals

§ 16

(1) A person who commits an offense that a mark of confidence
EU ^ 2) in violation of Article. 23 paragraph. 1 Regulation.

(2) An offense under paragraph 1 may be fined up to 2 million CZK.

§ 17

(1) A legal entity or natural person commits an administrative offense
that

A) a mark of confidence EU ^ 2) in violation of Article. 23 paragraph. 1 Regulation, or


B) in violation of Article. 24 paragraph. 2 point. h) Regulation does not record or
not disclose all relevant information after the activity
qualified service provider confidence building or transmit
ministry records pursuant to § 4 para. 2nd

(2) Service Provider confidence building commits an administrative offense
that

A) fails to take appropriate technical and organizational measures to manage the risks
threatening the security of its services in accordance with Article. 19 paragraph. 1
Regulation,

B) contrary to Article. 19 paragraph. 2 of the Regulation is not so informed about the violation
security or loss of integrity without undue delay
supervisory authority under this Act or the person you may have a security breach or loss
integrity adverse impact or

C) in conflict with Art. 21 par. 3 of providing services that create trust
designated as qualified before the status
qualified service provider confidence building and
qualified services indicated in the trusted lists.

(3) Qualified service provider confidence building
commits an administrative offense by

A) in violation of Article. 20 paragraph. 1 Regulation

First is not subjected to audit by the conformity assessment body
least once every 24 months or

Second fails to submit the final report on conformity assessment

B) does not submit to an audit by the supervisory authority under this Act or
conformity assessment body under Article. 20 paragraph. 2 Regulation,

C) fails to be on its website a link to the relevant
trusted list in accordance with Article. 23 paragraph. 2 Regulation,

D) fails to notify any changes in the provision of services to create confidence
intention or terminate any of its activities under Art. 24 paragraph. 2
point. a) Regulation,

E) employs an employee or uses subcontractors in violation of Article. 24
paragraph. 2 point. b) Regulation,

F) in violation of Article. 24 paragraph. 2 point. c) Regulation,

First not maintaining sufficient financial resources or

Second conclude appropriate liability insurance

G) fails to comply with the notification obligation pursuant to Article. 24 paragraph. 2 point. d) Regulation,

H) does not use trustworthy systems and products under Article. 24 paragraph. 2 point.
E) Regulation,

I) does not trustworthy systems to store data in accordance with Article. 24 paragraph. 2
point. f) Regulation,

J) fails to take appropriate measures against forgery and theft of data under Article. 24
paragraph. 2 point. g) Regulation,

K) in violation of Article. 24 paragraph. 2 point. h) Regulation does not record or
not disclose all relevant information

L) does not have an updated plan of termination to ensure continuity of service
under Article. 24 paragraph. 2 point. i) Regulation,

M) provides qualified services based on creating trust
written contract pursuant to § 2

N) does not keep the documents under § 3 para. 1, or


O) does not store data according to § 3. 2nd

(4) Qualified service provider confidence building
issuing qualified certificates commits an administrative offense by

A) verifies the identity and special characters for a natural or legal person
which is a qualified certificate issued under Article. 24 paragraph. 1 Regulation,

B) ensuring that a qualified certificate issued by him contain accurate
truthful and complete information

C) in violation of Article. 24 paragraph. 2 point. k) The Regulation does not update the database or
issued by the qualified certificates

D) publish the revocation of a qualified certificate issued by him under Article
. 24 par. 3 of,

E) fails to provide any relying party information on the validity
or revocation of qualified certificates issued by him under Article. 24
paragraph. 4 Regulation,

F) in violation of Article. 28 paragraph. 4 Regulation changes the status revoked it
issued a qualified certificate for electronic signatures,

G) in conflict with Art. 38 par. 4 of Regulation changed status revoked it
issued a qualified certificate for electronic seals or

H) issues a qualified certificate for e-signature
qualified certificate for electronic seal or qualified certificate for authentication
websites that do not meet the requirements set
Regulation.

(5) Qualified service provider confidence building
providing qualified service
validation of qualified electronic signatures and qualified electronic seals are
committed an administrative offense that

A) fails to verify the validity of the qualified electronic signature
or qualified electronic seals under Article. 33 paragraph. 1 point. a)
Regulation, or

B) provides qualified service verification
qualified electronic signatures or qualified electronic seals
in conflict with Art. 33 paragraph. 1 point. b) Regulation.

(6) Qualified service provider confidence building
providing qualified service retention of qualified electronic signatures and qualified electronic
seal commits an administrative offense
by not using procedures and technologies in accordance with Article. 34 paragraph. 1 Regulation .

(7) Qualified service provider confidence building
issuing qualified electronic time stamps commits an administrative offense
by not ensuring that it issued a qualified electronic time stamps
meet the requirements of Article. 42 para. 1 Ordinance.

(8) An administrative offense shall be fined up

A) 500,000 CZK, for an administrative offense pursuant to paragraph 3. c) ag)

B) 1,000,000 CZK, for an administrative offense pursuant to paragraph 2. b)
para 3. a), e) and m)

C) 2,000,000 CZK, for an administrative tort pursuant to paragraphs 1, 2
point. a) and c) of paragraph 3 point. b), d), f), h) to l), n) and o) and
paragraphs 4 to 7

§ 18

(1) A legal person for an administrative delict if it proves that
made every effort that could be required to breach
legal obligations prevented.

(2) In assessing the fine legal person takes into account the seriousness
administrative offense, especially the manner of its commission and its consequences
and the circumstances under which it was committed.

(3) Liability for an administrative offense if the administrative authority did
initiated proceedings within 1 year of the date on which it learned of the latest
within 3 years from the date on which it was committed.

(4) The liability for conduct that occurred in entrepreneurial
natural person or in direct connection with, the provisions of this
Act on liability and sanctions to legal persons.

(5) Administrative offenses under this Act shall be heard in the first instance
ministry.

(6) Revenue from fines is income of the state budget.

§ 19
Transitional provisions


(1) After a period of 2 years from the date of entry into force of this Act to be
signing pursuant to § 5 also use an advanced electronic signature based on a qualified
electronic signature certificate.

(2) After a period of 2 years from the date of entry into force of this Act may be used instead
advanced electronic seals based on a qualified certificate for electronic seal or
instead of qualified electronic seals
apply

A) electronic tag under the Act no. 227/2000 Coll., On electronic

Signatures and amending certain other laws (Act on electronic signature
), as in force before the effective date of this Act,
based on a certificate issued by a person who was
prior to the effective date of this Act
accredited provider of certification services and is a qualified service provider
confidence building, or

B) an advanced electronic seal based on a certificate for an electronic seal
issued a qualified service provider
confidence building.

(3) For the purposes of paragraph 2, § 11 para. 2 shall apply mutatis mutandis.

(4) Qualified provider of services to create confidence that
systemic issues certificates for use pursuant to paragraph 2. a)
provides this service creating confidence on the basis of a written contract.
The provisions of § 3 para. 1 point. a) and § 3 para. 2 storage
documents related to the issuance system certificates
apply mutatis mutandis.

(5) After a period of 2 years from the date of entry into force of this Act may be used instead
qualified electronic time stamp according to § 11
use electronic time stamp issued by a qualified service provider
confidence building.

(6) Qualified provider of services to create confidence that
issuing electronic time stamps for use in accordance with paragraph 5
provides this service creating confidence on the basis of a written contract.
The provisions of § 3 para. 1 point. c) the retention of documents
related to the issuing of electronic time stamps
apply mutatis mutandis.

(7) The obligations pursuant to § 6 para. 5-8 of the Act no. 227/2000 Coll., As amended
effective prior to the effective date of this Act
retained even after the effective date of this Act.

(8) The validity of electronic tags and system certificates
not repeal the Act no. 227/2000 Coll. affected.

(9) If the effective date of this Act, other legal regulations
concept recognized electronic mark, it also refers to
electronic tag under the Act no. 227/2000 Coll., As amended, effective || | before the effective date of this Act, based on a system
certificate issued by an entity that was before the effective date of this Act
accredited certification service provider and
who is a qualified service provider confidence building.

§ 20
Repealing provisions


Repealed:

First Act no. 227/2000 Coll., On electronic signatures and amending certain
other laws (Electronic Signature Act).

Second Part V of the Act no. 226/2002 Coll., Amending Act no. 141/1961
Coll., On Criminal Procedure (Criminal Procedure Code), as amended
regulations, Law no. 99/1963 ., Civil procedure Code, as amended
amended, Act no. 337/1992 Coll., on administration of taxes and fees,
amended, Act no. 71/1967 Coll., on administrative proceedings | || (administrative procedure Act), as amended, and Act no. 227/2000 Coll., on
electronic signatures and amending certain other laws (Act on electronic Signatures
).

Third Part eight of Act no. 517/2002 Coll., Which implements certain
measures in the system of central state administration bodies and changing some
laws.

Fourth Act no. 440/2004 Coll., Amending Act no. 227/2000 Coll., On
electronic signatures and amending certain other laws (Act on Electronic Signatures
), as amended.

Fifth Part of the twenty-eighth of Act no. 501/2004 Coll., Amending certain
laws in connection with the adoption of the Administrative Code.

6th Part III of the Act no. 635/2004 Coll., Amending certain laws in
connection with the adoption of the Act on Administrative Fees.

7th Part of the thirty-second Act no. 444/2005 Coll., Amending Act no. 531/1990 Coll
., On territorial financial authorities, as amended
amended, and certain other laws.

8th Part eight of Act no. 110/2007 Coll., On certain measures in the system
central government authorities, relating to the abolition of the Ministry of Informatics
and amending certain laws.

9th Part II of the Act no. 190/2009 Coll., Amending Act no. 499/2004
Coll., On Archives and Records Service and amending certain laws,
amended, and other related laws.


10th Sixteen of Act no. 223/2009 Coll., Amending certain
laws in connection with the adoption of the law on the free movement of services.

11th Part of the old age of the Act no. 227/2009 Coll., Amending certain laws in
connection with the Act on basic registers.

12th Part of the seventy-sixth of the Act no. 281/2009 Coll. Amending
certain laws in connection with the adoption of the Tax Code.

13th Part One of Act no. 101/2010 Coll., Amending Act no. 227/2000
Coll., On electronic signatures and amending certain other laws (
on electronic signature), as amended, and Act no. 227/2009 Coll
. amending certain acts in connection with the adoption
Act on basic registers, as amended.

14th Part of the fourteenth Act no. 424/2010 Coll., Amending Act no. 111/2009 Coll
., On basic registers, as amended by Act no. 100/2010 Coll.,
And other related laws.

15th Part II of the Act no. 167/2012 Coll., Amending Act no. 499/2004
Coll., On Archives and Records Service and amending certain laws,
amended, Act no. 227/2000 Coll., on electronic
signatures and amending certain other laws (Act on electronic signature
), as amended, and other related laws.

16th Part of the thirty-seventh Law no. 64/2014 Coll., Amending certain
laws in connection with the adoption of the control order.

17th Decree no. 378/2006 Coll., On procedures
qualified providers of certification services, requirements for electronic signature
tools and requirements for data protection for creating electronic tags
(Decree on procedures for qualified providers of certification
services).

18th Decree no. 212/2012 Coll., On the structure of the data on which it is possible to clearly identify
signatory, and
procedures for verifying the validity of the advanced electronic signature, e
brand, qualified certificate, qualified system | || certificates and qualified time stamps (Decree on checking the validity
advanced electronic signature).

§ 21
Efficiency


This Act shall take effect on the date of its publication.


Hamáček vr Zeman

Sobotka


1) Regulation of the European Parliament and Council Regulation (EU) no. 910/2014 of 23 July 2014
on electronic identification and trust services, creating
for electronic transactions in the internal market and repealing Directive 1999
/ 93 / EC.

2) Commission Implementing Regulation (EU) 2015/806 dated 22 May 2015
laying down specifications regarding the form of the EU trustmark for
qualified services that create trust.